Title: Vulnerability alert
Last modified: July 3, 2026

---

# Vulnerability alert

 *  [colbi](https://wordpress.org/support/users/colbi/)
 * (@colbi)
 * [2 days, 6 hours ago](https://wordpress.org/support/topic/vulnerability-alert-5/)
 * [https://patchstack.com/database/wordpress/plugin/sportspress-pro/vulnerability/wordpress-sportspress-pro-plugin-2-7-29-local-file-inclusion-vulnerability](https://patchstack.com/database/wordpress/plugin/sportspress-pro/vulnerability/wordpress-sportspress-pro-plugin-2-7-29-local-file-inclusion-vulnerability)
 * There is a current vulnerability report from Patchstack regarding the SportsPress
   Pro Plugin. Please advise when a patch is available.

Viewing 1 replies (of 1 total)

 *  Plugin Contributor [Savvas](https://wordpress.org/support/users/savvasha/)
 * (@savvasha)
 * [13 hours, 33 minutes ago](https://wordpress.org/support/topic/vulnerability-alert-5/#post-18956168)
 * Hi [@colbi](https://wordpress.org/support/users/colbi/)
 * The development team is currently reviewing this report. Their initial assessment
   is that it is most likely a false positive, as the report history indicates that
   it was originally submitted in February 2026 and approved for publication in 
   July 2026 (see screenshot below).
 * ![](https://i0.wp.com/snipboard.io/GimHS2.jpg?ssl=1)
 * In the meantime, the plugin has received multiple updates, including [a security patch](https://github.com/ThemeBoy/SportsPress/commit/6dca1cd065363cbff719b023fbaad14ad6e5a8f1)
   that appears to address the issue described in the Patchstack report.
 * Nevertheless, based on the details provided in the Patchstack report, exploiting
   this vulnerability would require an attacker to already have administrator-level
   access to the site. Therefore, the potential impact is considered to be very 
   limited, if none.
 * Thanks,
   Savvas

Viewing 1 replies (of 1 total)

You must be [logged in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fvulnerability-alert-5%2F%3Foutput_format%3Dmd&locale=en_US)
to reply to this topic.

 * ![](https://ps.w.org/sportspress/assets/icon-256x256.png?rev=1252005)
 * [SportsPress - Sports Club & League Manager](https://wordpress.org/plugins/sportspress/)
 * [Frequently Asked Questions](https://wordpress.org/plugins/sportspress/#faq)
 * [Support Threads](https://wordpress.org/support/plugin/sportspress/)
 * [Active Topics](https://wordpress.org/support/plugin/sportspress/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/sportspress/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/sportspress/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [Savvas](https://wordpress.org/support/users/savvasha/)
 * Last activity: [13 hours, 33 minutes ago](https://wordpress.org/support/topic/vulnerability-alert-5/#post-18956168)
 * Status: not resolved